77import subprocess
88from colorama import Fore , Back , Style
99import csv
10- import re
1110import shutil
1211from PySide6 import QtGui
1312import convert .netstat
1413import convert .loadcsv
1514import vol2find
1615import pandas as pd
1716from PySide6 import QtWidgets
17+ import re
1818
1919
2020class CommandRunner (QThread ):
@@ -41,7 +41,7 @@ def __init__(self):
4141 self .setWindowIcon (QtGui .QIcon ('res/ico.jpg' ))
4242 #长宽不允许修改
4343 self .setFixedSize (self .width (), self .height ())
44- self .actionOpenFile .triggered .connect (self .open_file )
44+ self .actionOpenFile .triggered .connect (self .open_file_select )
4545 self .actionOpenFile .setShortcut ('Ctrl+O' )
4646 self .actionOpenFile .setStatusTip ('打开文件' )
4747 self .setContextMenuPolicy (Qt .CustomContextMenu )
@@ -147,6 +147,12 @@ def dropEvent(self, event):
147147 if event .mimeData ().hasUrls ():
148148 file_path = event .mimeData ().urls ()[0 ].toLocalFile ()
149149 self .open_file (file_path )
150+
151+ #打开文件
152+ def open_file_select (self ):
153+ file_path , _ = QFileDialog .getOpenFileName (self , '打开文件' , '' , '内存镜像文件 (*.raw)' )
154+ if file_path :
155+ self .open_file (file_path )
150156
151157 def open_file (self , file_path ):
152158 self .file_name = file_path
@@ -284,29 +290,29 @@ def ntfsfind(self):
284290 str1 = self .lineEdit_str .text ()
285291 files = r'M:\forensic\csv\timeline_ntfs.csv'
286292 result = []
287- with open (files , 'r' ,encoding = 'UTF-8' ) as file :
293+ with open (files , 'r' , encoding = 'UTF-8' ) as file :
288294 for line in file :
289- if str1 in line :
295+ if re . search ( str1 , line , re . IGNORECASE ) :
290296 result .append (line )
291- #pandas读result
297+ # pandas读result
292298 df = pd .DataFrame (result )
293299 df = df .values .tolist ()
294- #每行分割
300+ # 每行分割
295301 for i in range (len (df )):
296302 df [i ] = re .split (',' , df [i ][0 ])
297- #去掉最后一列
303+ # 去掉最后一列
298304 df [i ].pop ()
299305 # 加载至tableWidget_find,不知几列
300306 self .tableWidget_find .setRowCount (len (df ))
301307 self .tableWidget_find .setColumnCount (len (df [0 ]))
302308 # Time Type Action PID Value32 Value64 Text Pad
303- self .tableWidget_find .setHorizontalHeaderLabels (['Time' ,'Type' ,'Action' ,'PID' ,'Value32' ,'Value64' ,'Text' ])
309+ self .tableWidget_find .setHorizontalHeaderLabels (['Time' , 'Type' , 'Action' , 'PID' , 'Value32' , 'Value64' , 'Text' ])
304310 for i in range (len (df )):
305311 for j in range (len (df [0 ])):
306312 self .tableWidget_find .setItem (i , j , QTableWidgetItem (df [i ][j ]))
307- #宽度自适应,根据内容调整列宽,最后一列填充空白部分
313+ # 宽度自适应,根据内容调整列宽,最后一列填充空白部分
308314 self .tableWidget_find .horizontalHeader ().setSectionResizeMode (QHeaderView .ResizeToContents )
309- self .tableWidget_find .horizontalHeader ().setSectionResizeMode (len (df [0 ])- 1 , QHeaderView .Stretch )
315+ self .tableWidget_find .horizontalHeader ().setSectionResizeMode (len (df [0 ]) - 1 , QHeaderView .Stretch )
310316 print (Fore .GREEN + '[+] 搜索成功!' + Style .RESET_ALL )
311317 def volfindscan (self ):
312318 if self .lineEdit_str .text () == '' :
@@ -325,8 +331,12 @@ def volfindscan(self):
325331 profile = str1 + str2
326332 #cmd = config.volatility2 + " -f " + self.mem_path + " --profile=" + profile + " filescan | findstr " + str
327333 cmd = f'{ config .volatility2 } { self .mem_path } { profile } { str }
334+ #运行时 按钮变为不可用
335+ self .pushButton_withvol2find .setEnabled (False )
328336 self .command_runner = CommandRunner (cmd )
329337 self .command_runner .start ()
338+ #线程结束后 按钮变为可用
339+ self .command_runner .finished .connect (lambda : self .pushButton_withvol2find .setEnabled (True ))
330340 def procdump2gimp (self ):
331341 str = self .lineEdit_str .text ()
332342 #判断是否为数字
0 commit comments